CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15632

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.042

EPSS Ranking 88.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 5.8

References

Products affected by CVE-2020-15632

Dlink » Dir-842 » Version: c

cpe:2.3:h:dlink:dir-842:c
Dlink » Dir-842 Firmware » Version: N/A

cpe:2.3:o:dlink:dir-842_firmware:-
Dlink » Dir-842 Firmware » Version: 1.05b02

cpe:2.3:o:dlink:dir-842_firmware:1.05b02
Dlink » Dir-842 Firmware » Version: 2.00b06

cpe:2.3:o:dlink:dir-842_firmware:2.00b06
Dlink » Dir-842 Firmware » Version: 2.01b04

cpe:2.3:o:dlink:dir-842_firmware:2.01b04
Dlink » Dir-842 Firmware » Version: 2.02b01

cpe:2.3:o:dlink:dir-842_firmware:2.02b01
Dlink » Dir-842 Firmware » Version: 3.00b18

cpe:2.3:o:dlink:dir-842_firmware:3.00b18
Dlink » Dir-842 Firmware » Version: 3.01b05

cpe:2.3:o:dlink:dir-842_firmware:3.01b05
Dlink » Dir-842 Firmware » Version: 3.10b05

cpe:2.3:o:dlink:dir-842_firmware:3.10b05
Dlink » Dir-842 Firmware » Version: 3.11b05

cpe:2.3:o:dlink:dir-842_firmware:3.11b05
Dlink » Dir-842 Firmware » Version: 3.12b01

cpe:2.3:o:dlink:dir-842_firmware:3.12b01
Dlink » Dir-842 Firmware » Version: 3.13b05

cpe:2.3:o:dlink:dir-842_firmware:3.13b05
Dlink » Dir-842 Firmware » Version: 3.13b09

cpe:2.3:o:dlink:dir-842_firmware:3.13b09

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15632

Products

Pricing

Contact Us